Archive | October, 2003

Well, Gator has changed its name to Claria. The company that brought you those wonderfully useful applications, Date Manager and Precision Time(SM), has changed its name but not the products. These products purport to be valuable to users and are offered free of charge, "in exchange for displaying online advertising based on your online surfing behavior".

Let’s face it – these applications are completely worthless in most cases. Here are brief descriptions of the applications taken directly from the Claria website:

Date Manager – Date Manager shows today’s date in your system tray and allows you to quickly pull up a two-month calendar and set reminders.

The last time I checked, every version of Windows since 95 has had a built-in clock and calendar in the system tray. The ability to set reminders is included in many popular time management applications, some of which are truly free or are shareware with no additional ad-supported component.

Precision Time – Synchronize your computer clock with one of the world’s most precise timekeeping devices – the U.S. Atomic Clock.

Again, there is a standards-based free service called NTP (Network Time Protocol) that allows users to synchronize their clocks with many publicly available time servers, including the US Naval Observatory. Most versions of Windows support this standards-based service.

Claria (formerly Gator Corporation) has also taken umbrage with people who have called their applications spyware by suing them. Their applications are installed many times without users’ full knowledge of what is going to happen. Yes, the license agreements and warning boxes that pop up before install provide the details of what is going to happen, but most users don’t bother reading them. Further, these applications can be installed as a download that starts automatically as part of any web page, some of which exist only to propagate the software (though I don’t believe Claria actually operates these websites).

The lesson here is this – don’t say yes to install any application that is provided at a web page unless you FULLY understand what is happening. I know the little ActiveX warning boxes pop up frequently, and it is easy to just hit the yes button and move on. DON’T DO IT! Read what is on the screen, including the license agreement. Don’t install anything you don’t ask for, unless you are sure you want what it has to offer. If you aren’t clear, wait and ask someone you trust.

If you don’t follow this advice, you are likely to find an ad for Delta popping up when you visit US Airways’ website because they are paying Claria to push their product. (Neither of the airlines mentioned is known by me to be in a relationship with Claria, and their names are used only as an example of what might be experienced.) Gator was even sued several times for providing ads from competitors when users visited their sites.

Be careful, it’s a dangerous web out there.

MacCentral has a statement from Apple that indicates they will be issuing security updates for earlier versions of OS X. In a spirit of accuracy and fairness, I will retract my original comments about Apple’s potentially huge mistake regarding not updating the older version.

I do, however, believe that the delay in releasing a patch for the older version was a mistake. Shipping Panther with the security flaws patched and providing no word on a pending update for older versions led to a lot of confusion on the part of Mac users everywhere. Even though this was no critical departure from what should be expected of an operating system developer like Apple, it was a serious error in judgement and incredibly poor PR.

“Apple’s policy is to quickly address significant vulnerabilities in past releases of Mac OS X wherever feasible,” Apple said in a statement given to MacCentral. “The shipment of Panther does not change this policy. Apple has an excellent track record of working with CERT and the open source community to proactively identify and correct potential vulnerabilities.”

Evidently there are widespread problems with the upgrade to Panther erasing all of the data on external FireWire drives. This appears to be related to external FireWire drives using a chipset manufactured by Oxford Semiconductor (Oxford 922 bridge chipset with firmware 1.02). One of the drives that is affected is the d2 FireWire series by LaCie. Be careful!

For those of you who have never heard of them, MANNA is an organization in Philadelphia that provides meals to people affected by HIV/AIDS in the Philadelphia metropolitan area. They deliver those meals to shut-ins. Their fall fundraiser is called Pie in the Sky. You can purchase pies directly from MANNA if you live in the Philly area, or you can make a donation.

I have worked quite a bit with MANNA and find them to be one of the most deserving charities in our area – that is not to say that there aren’t a lot of other charities in the region that are worthy. I can tell you that MANNA’s work makes a huge difference in the lives of those dealing with this horrible disease.

Well despite, or perhaps because of, their commitment to release only one bulletin per month, MS has released the second update to their October Security Bulletin for Windows. Here is a summary of the reasons – all 3 patches had the same subsequent issue for re-release, so that information is only included once:

MS03-045 – Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

Reason for Major Revision, V2.0 October 29, 2003:
=================================================
Microsoft re-issued this bulletin on October 29, 2003 to advise on the availability of an updated Windows 2000 [and/or Windows XP, and Windows 2003 server] patch.
This revised patch corrects the Debug Programs (SeDebugPrivilege) user right issue that some customers experienced with the original patch that is discussed in Knowledge Base Article 830846.
This problem is unrelated to the security vulnerability discussed in this bulletin. Customers who have already applied the patch are protected against the vulnerability discussed in this bulletin.

Apple released security patches for vulnerabilities in OS X that were originally identified by @stake. I read about this over at CNET News. Apple has not yet released patches for older versions of OS X. Many people are questioning whether or not users must pay the cost of the upgrade in order to be secure.

If Apple fails to release a patch for their older versions, then they will be making a HUGE mistake. With all of the vitriol that most people use in attacking Microsoft on security, the evil empire in Redmond has never made a user pay for an upgrade in order to fix a vulnerability – even for OS versions that are not supported for application patches.

I would be interested in others’ opinions on this matter.

Microsoft will be releasing a voice command application for Windows Mobile 2003 and MS Smartphone operating systems. This application is going to be marketed mostly at drivers using their phones. I will probably be purchasing this application on Monday as soon as it is available and will try and post a review next week, once I have had a chance to use it.

There are two different pieces here that I find interesting: Gary is using his blog as a tool to fact check and get opinions about an article he is writing for a major magazine, and the Dean campaign is successfully using modern social networking to extend the reach and effectiveness of their effort. Both of these present a positive outlook for the nature of blogs and their effect on our society as a whole.

Obviously there are probably thousands of blogs that are never read by any serious quantity of people. This blog is still in its infancy and is only read and/or perused by a few people a day. As the medium evolves and develops, however, there is a vast potential for this type of social networking and information sharing to grow to a critical mass.

The excerpts from Gary’s article I found most interesting are:

“The Dean campaign is using lots of tools – they have a swarm like, ant-like structure. But there’s something missing. All of these tools are about organizing people and organizing their money. Finding people and putting them together to support a candidate. What they haven’t experimented with is how this could be used to generate ideas, to create emergent political values rather than just to organize support.

In an online community, “you can’t really jump on or rally support with force. You’re not a “leader.” You’re a place. You’re like a park or a garden. If it’s comfortable and cool, people are attracted. Deanspace is really about that. He represents a place for people to hang out. For instance, the NAN (Net advisory Net) of Dean, some of us don’t even agree necessarily with his politics but we are his advisors because it’s a great experiment and we’re meeting cool people doing cool things. It’s not really about Dean. It’s about us. The good thing is that Dean listens.

Isenberg advanced the principle that under conditions of uncertainty a network should not be optimized for some limited set of uses presumed to be definitive. Instead, the network should be as simple as possible, with advanced functionality (and intelligence) moved out to the ends of the network – to the users.
“Whatever we discover to be the new Stupid Network value proposition, my working hypothesis is that it will be based on intelligent end user devices, intelligent customers, employees whose intelligence is valued as a corporate asset, and companies that can learn.” (The Rise of the Stupid Network, 1997.)

I will comment more on these later, when I have time.

Apple has released the fourth major revision to the OS X product in just over three years. The new Panther version of the OS adds a host of new features, including the new iChat personal video conferencing software.

Well, I was pleased to see that the state of California had won its first victory against a spammer. The judge fined the company, PW Marketing of Los Angeles County, $2 million for sending out spam about how to spam. Their messages even included a long list of addresses that could be used by other spammers. This case was prosecuted based on California’s 1998 anti-spam law, which was strengthened recently with the passage of a law last month that will result in fines up to $1,000 per email.

My personal take is that this is a good thing. Unsolicited commercial email is becoming annoying at best. The only way over time that we will be able to combat this type of issue is to refuse to support the organizations that use UCE to promote their products. Filters and laws will only do so much, but market forces can do much more. Don’t buy anything that is marketed to you through unscrupulous UCE.